
Contract: SelfHostedShootExposure Resource

The SelfHostedShootExposure resource is a concept introduced to support Self-Hosted Shoot Clusters described in GEP36. In a self-hosted scenario, the control plane of a shoot cluster runs on dedicated nodes within the cluster itself, rather than in a separate seed cluster. To make the API server of such a cluster accessible from the outside (e.g., for kubectl access), the control plane endpoints must be exposed via a stable address (e.g., a LoadBalancer).

The SelfHostedShootExposure resource abstracts the specific infrastructure or mechanism used to expose the control plane (e.g., a cloud provider LoadBalancer, kube-vip, keepalived, etc.) into a uniform extension API. This allows Gardener to be agnostic to the underlying exposure implementation.

Resource Details

The SelfHostedShootExposure resource is reconciled by an extension controller. The controller is responsible for:

  1. Reading the endpoints listed in .spec.endpoints. These endpoints represent the nodes where the shoot control plane components (specifically the API server) are running. The API server listens on the specified .spec.port on these nodes.
  2. Provisioning a load balancer (or similar mechanism) that accepts traffic on .spec.port and routes it to the listed control plane endpoints.
  3. Updating the .status.ingress field with the public address (IP or hostname) of the provisioned load balancer.

The .spec.credentialsRef field references the cloudprovider credentials in case the self-hosted shoot has managed infrastructure (i.e., if Shoot.spec.{credentials,secret}BindingName is set). For shoots with unmanaged infrastructure, .spec.credentialsRef is unset.

Example

Below is an example of a SelfHostedShootExposure resource:

```yaml
apiVersion: extensions.gardener.cloud/v1alpha1
kind: SelfHostedShootExposure
metadata:
  name: self-hosted-exposure
  namespace: kube-system
spec:
  type: stackit
  credentialsRef:
    apiVersion: v1
    kind: Secret
    namespace: kube-system
    name: cloudprovider
  port: 443
  endpoints:
  - nodeName: node-1
    addresses:
    - type: InternalIP
      address: 10.0.1.10
  - nodeName: node-2
    addresses:
    - type: InternalIP
      address: 10.0.1.11
status:
  ingress:
  - ip: 203.0.113.10
    hostname: load-balancer-hostname.example.com
```
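As an added illustration of the first two reconciliation steps listed under Resource Details (this is example code, not Gardener's extension controller), the following derives the backend set a load balancer must forward to from the spec fields shown above. The Go types are constructed, simplified mirrors of those fields, not the real Gardener API types; only `InternalIP` addresses are used, and a spec with a bad port, an unparsable address, or no usable endpoint is rejected before anything would be provisioned.

```go
package main

import (
	"fmt"
	"net"
	"net/netip"
)

// Constructed, simplified mirror of the spec fields in the example above (not the real Gardener API types).
type NodeAddress struct{ Type, Address string }
type Endpoint struct {
	NodeName  string
	Addresses []NodeAddress
}
type ExposureSpec struct {
	Port      int32
	Endpoints []Endpoint
}

// BackendTargets derives the backend set the load balancer must forward to:
// each listed node's InternalIP joined with .spec.port. Malformed specs (bad
// port, unparsable address, no usable endpoint) are rejected so the load
// balancer is never provisioned with an empty or wrong backend set.
func BackendTargets(spec ExposureSpec) ([]string, error) {
	if spec.Port < 1 || spec.Port > 65535 {
		return nil, fmt.Errorf("invalid .spec.port %d", spec.Port)
	}
	var targets []string
	for _, ep := range spec.Endpoints {
		for _, a := range ep.Addresses {
			if a.Type != "InternalIP" {
				continue // only route to node-internal addresses
			}
			ip, err := netip.ParseAddr(a.Address)
			if err != nil {
				return nil, fmt.Errorf("node %s: %w", ep.NodeName, err)
			}
			targets = append(targets, net.JoinHostPort(ip.String(), fmt.Sprint(spec.Port)))
		}
	}
	if len(targets) == 0 {
		return nil, fmt.Errorf("no InternalIP endpoint in .spec.endpoints")
	}
	return targets, nil
}

func main() {
	targets, err := BackendTargets(ExposureSpec{Port: 443, Endpoints: []Endpoint{
		{NodeName: "node-1", Addresses: []NodeAddress{{"InternalIP", "10.0.1.10"}}}}})
	fmt.Println(targets, err)
}
```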

References and additional resources
